Cyber Security latest penetration testing tools and security assessment. Ethical Hacking, Web Application, Security Audits. https://cyber-security.us.to/index.html Sat, 15 Oct 2022 00:00:00 +0100 SQLi Auth Bypass payloads. Sat, 15 Oct 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/SQL-Auth-Bypass-payloads/index.html https://cyber-security.us.to/web-security/SQL-Auth-Bypass-payloads/index.html VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. Sun, 19 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/VAmPI/index.html https://cyber-security.us.to/web-security/VAmPI/index.html NETReactorSlayer is an open source (GPLv3) deobfuscator for Eziriz .NET Reactor. Sun, 19 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/NETReactorSlayer/index.html https://cyber-security.us.to/reverse-engineering/NETReactorSlayer/index.html The finest Windows Optimizer. Portable utility that helps you restore your privacy and increase your security. Wed, 15 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/security/optimizer/index.html https://cyber-security.us.to/security/optimizer/index.html PacketStreamer - Distributed tcpdump for cloud native environments . Thu, 09 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/network/PacketStreamer/index.html https://cyber-security.us.to/network/PacketStreamer/index.html Exploit Microsoft Office remotely execute code vulnerability aka Follina - CVE-2022-30190 Thu, 09 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/microsoft-vulnerability-aka-follina-CVE-2022-30190/index.html https://cyber-security.us.to/exploit/microsoft-vulnerability-aka-follina-CVE-2022-30190/index.html AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. Mon, 06 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/AutoPWN-Suite/index.html https://cyber-security.us.to/exploitation-tools/AutoPWN-Suite/index.html Easily expand your attack surface on a local network by discovering more hosts, via SSH. Sun, 05 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/network/puwr-ssh-attack/index.html https://cyber-security.us.to/network/puwr-ssh-attack/index.html CRLFsuite is a fast tool specially designed to scan CRLF injection. Fri, 03 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/CRLFsuite/index.html https://cyber-security.us.to/web-security/CRLFsuite/index.html NotionTerm - Embed reverse shell in Notion pages. Hack while taking notes Wed, 01 Jun 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/notionterm/index.html https://cyber-security.us.to/exploitation-tools/notionterm/index.html Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. Sun, 29 May 2022 00:00:00 +0100 https://cyber-security.us.to/network/mitm-intercept/index.html https://cyber-security.us.to/network/mitm-intercept/index.html k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. Fri, 27 May 2022 00:00:00 +0100 https://cyber-security.us.to/pentesting/k0otkit/index.html https://cyber-security.us.to/pentesting/k0otkit/index.html MitmProxy2Swagger - Automagically reverse-engineer REST APIs via capturing traffic Thu, 26 May 2022 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/mitmproxy2swagger/index.html https://cyber-security.us.to/reverse-engineering/mitmproxy2swagger/index.html Cobalt Strike MANUALS_V2 Active Directory from archive leaked pentesting materials, which were previously given to Conti ransomware group affilates . Thu, 26 May 2022 00:00:00 +0100 https://cyber-security.us.to/pentesting/CobaltStrike-Conti-Active-Directory/index.html https://cyber-security.us.to/pentesting/CobaltStrike-Conti-Active-Directory/index.html Tornado anonymously reverse shell over onion network using hidden services without portfortwarding Thu, 26 May 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/tornado/index.html https://cyber-security.us.to/exploitation-tools/tornado/index.html Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Thu, 26 May 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/CobaltBus/index.html https://cyber-security.us.to/exploitation-tools/CobaltBus/index.html A machine learning malware analysis framework for Android apps Wed, 25 May 2022 00:00:00 +0100 https://cyber-security.us.to/phone/DroidDetective/index.html https://cyber-security.us.to/phone/DroidDetective/index.html BotenaGo botnet targets millions of IoT devices with 33 exploits Wed, 25 May 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/BotenaGo/index.html https://cyber-security.us.to/exploit/BotenaGo/index.html Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask Thu, 19 May 2022 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/xepor-web-framework/index.html https://cyber-security.us.to/reverse-engineering/xepor-web-framework/index.html Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Thu, 19 May 2022 00:00:00 +0100 https://cyber-security.us.to/pentesting/malicious-pdf/index.html https://cyber-security.us.to/pentesting/malicious-pdf/index.html Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. Mon, 16 May 2022 00:00:00 +0100 https://cyber-security.us.to/network/Malcolm/index.html https://cyber-security.us.to/network/Malcolm/index.html Git All the Payloads! A collection of web attack payloads. Download external payloads and unzip any payload files that are compressed. Thu, 05 May 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/web-attack-payloads-wordlist/index.html https://cyber-security.us.to/web-security/web-attack-payloads-wordlist/index.html Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wed, 04 May 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/wfuzz-the-web-fuzzer/index.html https://cyber-security.us.to/web-security/wfuzz-the-web-fuzzer/index.html CVE-2022-26352 - A pre-auth remote code execution vulnerability was found in DotCMS which was achievable by performing a directory traversal attack during file upload. Mon, 25 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/dotcms-remote-code-execution-cve-2022-26352/index.html https://cyber-security.us.to/exploit/dotcms-remote-code-execution-cve-2022-26352/index.html Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Wed, 20 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/reconnaissance-tools/sub3suite/index.html https://cyber-security.us.to/reconnaissance-tools/sub3suite/index.html OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Sun, 17 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/web-security/OWASP-Coraza-Web-Application-Firewall/index.html https://cyber-security.us.to/web-security/OWASP-Coraza-Web-Application-Firewall/index.html Shhhloader is a SysWhispers Shellcode Loader. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. Sun, 10 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Shhhloader-Shellcode-Loader/index.html https://cyber-security.us.to/exploitation-tools/Shhhloader-Shellcode-Loader/index.html Notion - the notetaking app as a C2. Sun, 03 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/C2-OffensiveNotion/index.html https://cyber-security.us.to/exploitation-tools/C2-OffensiveNotion/index.html CVE-2022-22963 - PoC Spring Java Framework Remote Code Execution Vulnerability Sat, 02 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/SpringBoot-RCE/index.html https://cyber-security.us.to/exploit/SpringBoot-RCE/index.html Dirty Pipe (CVE-2022-0847) is a local privilege escalation vulnerability in the Linux kernel that could potentially allow an unprivileged user Fri, 01 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/DirtyPipe-Exploits/index.html https://cyber-security.us.to/exploit/DirtyPipe-Exploits/index.html This tool demonstrates the power of UAC bypasses and built-in features of Windows. Fri, 01 Apr 2022 00:00:00 +0100 https://cyber-security.us.to/exploit/Auto-Elevate/index.html https://cyber-security.us.to/exploit/Auto-Elevate/index.html **Binary Ninja** is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, Linux. Fri, 25 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/Binary-Ninja-3.0/index.html https://cyber-security.us.to/reverse-engineering/Binary-Ninja-3.0/index.html Crack legacy zip encryption with Biham and Kocher's known plaintext attack Sat, 19 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/bkcrack/index.html https://cyber-security.us.to/reverse-engineering/bkcrack/index.html Phant0m uses two different options to detect and kill the threads of the Event Log service. Fri, 18 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/exploitation-tools/Phant0m-Windows-Event-Log-Killer/index.html https://cyber-security.us.to/exploitation-tools/Phant0m-Windows-Event-Log-Killer/index.html Mip22 is a modern and advanced cyber security program for computers with Gnu / Linux operating system and mobile phones and tablets with android operating system, for educational purposes. Thu, 17 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/mip22-Advanced-Phishing-Tool/index.html https://cyber-security.us.to/reconnaissance-tools/mip22-Advanced-Phishing-Tool/index.html Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. Wed, 16 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/security/Security-Onion/index.html https://cyber-security.us.to/security/Security-Onion/index.html S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One Wed, 16 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/security/S1EM/index.html https://cyber-security.us.to/security/S1EM/index.html Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. Wed, 16 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/network/Zeek-Network-Security-Monitor/index.html https://cyber-security.us.to/network/Zeek-Network-Security-Monitor/index.html HaccTheHub - Open Source Self-Hosted Cyber Security Learning Platform Sun, 13 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/security/HaccTheHub/index.html https://cyber-security.us.to/security/HaccTheHub/index.html PwnKit (CVE-2021-4034) is a privilege escalation vulnerability that allows unprivileged local users to get full root privileges Fri, 11 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/Nivistealer/index.html https://cyber-security.us.to/reconnaissance-tools/Nivistealer/index.html Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. Wed, 09 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/security/ThreatMapper/index.html https://cyber-security.us.to/security/ThreatMapper/index.html The vulnerability is labelled as Log4Shell (CVE-2021-44228) and results in remote code execution (RCE) and is assigned highest CVE severity level of 10. Tue, 08 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/exploit/log4shell/index.html https://cyber-security.us.to/exploit/log4shell/index.html PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Mon, 07 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/web-security/PyShell/index.html https://cyber-security.us.to/web-security/PyShell/index.html BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic Mon, 07 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/network/BruteShark/index.html https://cyber-security.us.to/network/BruteShark/index.html PwnKit (CVE-2021-4034) is a privilege escalation vulnerability that allows unprivileged local users to get full root privileges Sun, 06 Mar 2022 00:00:00 +0000 https://cyber-security.us.to/exploit/PwnKit-Exploit/index.html https://cyber-security.us.to/exploit/PwnKit-Exploit/index.html Xerror is an automated penetration tool , which will helps security professionals and non professionals to automate their pentesting tasks. Xerror will perform all tests and, at the end generate two reports for executives and analysts. Wed, 25 Nov 2020 00:00:00 +0000 https://cyber-security.us.to/pentesting/Xerror/index.html https://cyber-security.us.to/pentesting/Xerror/index.html A dashboard for a real-time overview of threat intelligence from MISP instances Fri, 07 Feb 2020 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/Misp-Dashboard/index.html https://cyber-security.us.to/reconnaissance-tools/Misp-Dashboard/index.html Plugin manager for x64dbg Mon, 03 Feb 2020 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/x64dbg-Plugin-Manager/index.html https://cyber-security.us.to/reverse-engineering/x64dbg-Plugin-Manager/index.html Extract credentials from lsass remotely Tue, 28 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/lsassy/index.html https://cyber-security.us.to/reconnaissance-tools/lsassy/index.html A tiny framework for easily manipulate the tty and create fake binaries. Tue, 28 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/exploitation-tools/TAS/index.html https://cyber-security.us.to/exploitation-tools/TAS/index.html A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes. Sat, 25 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/security/ApplicationInspector/index.html https://cyber-security.us.to/security/ApplicationInspector/index.html GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Mon, 13 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/exploit/GTFOBins/index.html https://cyber-security.us.to/exploit/GTFOBins/index.html A black-box obfuscation tool for Android apps Sun, 12 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/phone/Obfuscapk/index.html https://cyber-security.us.to/phone/Obfuscapk/index.html AttackSurfaceMapper is a tool that aims to automate the reconnaissance process. Sat, 11 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/AttackSurfaceMapper/index.html https://cyber-security.us.to/reconnaissance-tools/AttackSurfaceMapper/index.html Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. The platform includes the Metasploit Pro and Metasploit Framework. Thu, 09 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/pentesting/Metasploit-Pro/index.html https://cyber-security.us.to/pentesting/Metasploit-Pro/index.html Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. Wed, 08 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/phone/Andriller/index.html https://cyber-security.us.to/phone/Andriller/index.html Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. Sat, 04 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/reconnaissance-tools/Kamerka-GUI/index.html https://cyber-security.us.to/reconnaissance-tools/Kamerka-GUI/index.html Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable. Fri, 03 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/web-security/LKWA/index.html https://cyber-security.us.to/web-security/LKWA/index.html A framework for secure and scalable network traffic analysis Thu, 02 Jan 2020 00:00:00 +0000 https://cyber-security.us.to/network/NetCap/index.html https://cyber-security.us.to/network/NetCap/index.html Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. Mon, 02 Dec 2019 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/ngrev/index.html https://cyber-security.us.to/reverse-engineering/ngrev/index.html New Simjacker vulnerability exploited by surveillance companies for espionage operation. Sat, 23 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/phone/SimJacker/index.html https://cyber-security.us.to/phone/SimJacker/index.html Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc. Thu, 14 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/exploit/OSWAP-ZSC/index.html https://cyber-security.us.to/exploit/OSWAP-ZSC/index.html Discover more about the web application security testing capabilities of AppSpider and learn how it detect holes in your most complex applications. Wed, 13 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/web-security/AppSpider/index.html https://cyber-security.us.to/web-security/AppSpider/index.html Template injection allows an attacker to include template code into an existant (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages. Tue, 05 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/web-security/Server-Side-Template-Injection/index.html https://cyber-security.us.to/web-security/Server-Side-Template-Injection/index.html A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar. Mon, 04 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/web-security/HackBar-V2/index.html https://cyber-security.us.to/web-security/HackBar-V2/index.html ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. Sun, 03 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/web-security/ezXSS/index.html https://cyber-security.us.to/web-security/ezXSS/index.html Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. Sun, 03 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/web-security/Tplmap/index.html https://cyber-security.us.to/web-security/Tplmap/index.html A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Sat, 02 Nov 2019 00:00:00 +0000 https://cyber-security.us.to/security/Trivy/index.html https://cyber-security.us.to/security/Trivy/index.html Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on linux. Tue, 29 Oct 2019 00:00:00 +0000 https://cyber-security.us.to/network/Sparrow-Wifi/index.html https://cyber-security.us.to/network/Sparrow-Wifi/index.html Learn Rails the way the Rails core team recommends it, along with the tens of thousands of developers who have used this broad, far-reaching tutorial and reference. If you’re new to Rails, you’ll get step-by-step guidance. Tue, 29 Oct 2019 00:00:00 +0000 https://cyber-security.us.to/development/Agile-Web-Development/index.html https://cyber-security.us.to/development/Agile-Web-Development/index.html Learn how to program using the updated C++17 language. You'll start with the basics and progress through step-by-step examples to become a working C++ programmer. Mon, 28 Oct 2019 00:00:00 +0000 https://cyber-security.us.to/development/cplusplus17/index.html https://cyber-security.us.to/development/cplusplus17/index.html XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. Sun, 27 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/network/Xray/index.html https://cyber-security.us.to/network/Xray/index.html When a browser requests a resource from a cross-origin (third party) server, that cross-origin’s domain name must be resolved to an IP address before the browser can issue the request. Sat, 26 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/development/dns-prefetch/index.html https://cyber-security.us.to/development/dns-prefetch/index.html PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. Fri, 25 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/PHP-Generic-Gadget-Chains/index.html https://cyber-security.us.to/web-security/PHP-Generic-Gadget-Chains/index.html A ready to use JSONP endpoints/payloads to help bypass content security policy of different websites. Automated blind-xss search for Burp Suite Wed, 23 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/JSONBee/index.html https://cyber-security.us.to/web-security/JSONBee/index.html Automated blind-xss search for Burp Suite Sun, 20 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Femida-xss/index.html https://cyber-security.us.to/web-security/Femida-xss/index.html A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! Sat, 19 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/SUID3NUM/index.html https://cyber-security.us.to/exploitation-tools/SUID3NUM/index.html Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters Fri, 18 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Donut/index.html https://cyber-security.us.to/exploitation-tools/Donut/index.html Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum tool is intended to be executed locally on a Linux box. Tue, 15 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Postenum/index.html https://cyber-security.us.to/exploitation-tools/Postenum/index.html PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix like system. Thu, 10 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Postshell/index.html https://cyber-security.us.to/web-security/Postshell/index.html Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless . Mon, 07 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Traxss/index.html https://cyber-security.us.to/web-security/Traxss/index.html Faction is a C2 framework for security professionals, providing an easy way to extend and interact with agents. It focuses on providing an easy, stable, and approachable platform for C2 communications through well documented REST and Socket.IO APIs. Sun, 06 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/FactionC2/index.html https://cyber-security.us.to/exploitation-tools/FactionC2/index.html Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. Sat, 05 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Sliver/index.html https://cyber-security.us.to/exploitation-tools/Sliver/index.html Download Windows operating systems, Office applications, language packs, and virtual machines directly from Microsoft servers.. Fri, 04 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/security/windows-iso/index.html https://cyber-security.us.to/security/windows-iso/index.html email2phonenumber is an OSINT tool that allows you to obtain a target's phone number just by having his email address. Thu, 03 Oct 2019 00:00:00 +0100 https://cyber-security.us.to/phone/email2phonenumber/index.html https://cyber-security.us.to/phone/email2phonenumber/index.html Writing custom backdoor payloads with C# - Defcon 27 Mon, 30 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/pentesting/Defcon27-Csharp-Workshop/index.html https://cyber-security.us.to/pentesting/Defcon27-Csharp-Workshop/index.html A method is detailed, dubbed CSS Exfil, which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. Sun, 29 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/CSS-Exfil-Protection/index.html https://cyber-security.us.to/web-security/CSS-Exfil-Protection/index.html This exploits a flaw in the WSReset.exe file associated with the WindowsStore. Sun, 22 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/UAC-Bypass-in-Windows-10-Store-Binary/index.html https://cyber-security.us.to/exploit/UAC-Bypass-in-Windows-10-Store-Binary/index.html Stegify is a simple command line tool capable of fully transparent hiding any file within an image. This technique is known as LSB Fri, 20 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/security/Stegify/index.html https://cyber-security.us.to/security/Stegify/index.html SKA allows you to implement a very simple and fast karma attack. Fri, 20 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/network/Simple-Karma-Attack/index.html https://cyber-security.us.to/network/Simple-Karma-Attack/index.html Guide XSS Attack and Defence . Thu, 19 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/XSS-Attack/index.html https://cyber-security.us.to/web-security/XSS-Attack/index.html A DNS rebinding attack framework. Wed, 18 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Singularity/index.html https://cyber-security.us.to/web-security/Singularity/index.html Image Payload Creating/Injecting tools . Wed, 18 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Pixload/index.html https://cyber-security.us.to/web-security/Pixload/index.html Mariangel Huneidy In this article, we will dive into the field of ethical hacking to answer all of these questions and more. Wed, 18 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/security/The-Ultimate-Guide-to-Ethical-Hacking/index.html https://cyber-security.us.to/security/The-Ultimate-Guide-to-Ethical-Hacking/index.html Atomic Red Team is a library of simple tests that every security team can execute to test their defenses. Tue, 17 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/pentesting/Atomic-Red-Team/index.html https://cyber-security.us.to/pentesting/Atomic-Red-Team/index.html FudgeC2 - A collaborative C2 framework for purple-teaming written in Python3, Powershell and .NET Tue, 17 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/FudgeC2/index.html https://cyber-security.us.to/exploitation-tools/FudgeC2/index.html hakluke XSS payloads designed to turn alert(1) into P1. Sun, 15 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Weaponised-XSS-Payloads/index.html https://cyber-security.us.to/web-security/Weaponised-XSS-Payloads/index.html Blocked Window Alert - Prompt - Confirm - Open XSS && Window.Console . Sat, 14 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Block-Alert-XSS/index.html https://cyber-security.us.to/web-security/Block-Alert-XSS/index.html BurpSuite Pro 2.1 Deobfuscated and analyse . Sat, 14 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/Deobfuscated-BurpSuite-Pro-2.1/index.html https://cyber-security.us.to/reverse-engineering/Deobfuscated-BurpSuite-Pro-2.1/index.html ACT is an open-source threat intelligence platform that has been built from the ground up to address the real-world needs of security analysts Fri, 13 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/security/ACT-Semi-Automated-Cyber-Threat-Intelligence/index.html https://cyber-security.us.to/security/ACT-Semi-Automated-Cyber-Threat-Intelligence/index.html enigma0x3 Bypasses UAC by abusing the App Path key for control.exe, Only tested on Windows 10 Fri, 13 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/Bypassing-UAC-using-App-Paths/index.html https://cyber-security.us.to/exploit/Bypassing-UAC-using-App-Paths/index.html As often with UAC, the flaw comes from an auto-elevated process. These processes have the particularity to run with high integrity level without prompting the local admin with the usual UAC window. Thu, 12 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/Another-sdclt-UAC-bypass/index.html https://cyber-security.us.to/exploit/Another-sdclt-UAC-bypass/index.html enigma0x3 Bypassing UAC on Windows 10 using Disk Cleanup Wed, 11 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/Bypassing-UAC-on-Windows-10-using-Disk-Cleanup/index.html https://cyber-security.us.to/exploit/Bypassing-UAC-on-Windows-10-using-Disk-Cleanup/index.html XSS payloads designed to turn alert(1) into P1. Tue, 10 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/XSpear/index.html https://cyber-security.us.to/web-security/XSpear/index.html Redress - A tool for analyzing stripped Go binaries. Tue, 10 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/Redress/index.html https://cyber-security.us.to/reverse-engineering/Redress/index.html Privilege escalation is the process of elevating your permission level, by switching from one user to another one and gain more privileges. For example, a normal user on Linux can become root or get the same permissions as root. Tue, 10 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/Linux-Privilege-Escalation/index.html https://cyber-security.us.to/exploit/Linux-Privilege-Escalation/index.html Privilege escalation is an important process part of post exploitation in a penetration test that allow an attacker to obtain a higher level of permissions on a system or network. Mon, 09 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploit/Windows-Privilege-Escalation/index.html https://cyber-security.us.to/exploit/Windows-Privilege-Escalation/index.html The Prime Cross Site Request Forgery Audit and Exploitation Toolkit. Sat, 07 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/XSRFProbe/index.html https://cyber-security.us.to/web-security/XSRFProbe/index.html The Offensive Manual Web Application Penetration Testing Framework. Sat, 07 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/TIDoS-Framework/index.html https://cyber-security.us.to/web-security/TIDoS-Framework/index.html Agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries, Network devices. Fri, 06 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Vuls/index.html https://cyber-security.us.to/web-security/Vuls/index.html Lets Map Your Network enables you to visualise your physical network in form of graph with zero manual error. Fri, 06 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/network/LetsMapYourNetwork/index.html https://cyber-security.us.to/network/LetsMapYourNetwork/index.html Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. Thu, 05 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/C3/index.html https://cyber-security.us.to/exploitation-tools/C3/index.html Standalone python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Tue, 03 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Revshellgen/index.html https://cyber-security.us.to/web-security/Revshellgen/index.html Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. Tue, 03 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/network/Ehtools/index.html https://cyber-security.us.to/network/Ehtools/index.html Toolkit to detect and keep track on Blind XSS, XXE & SSRF. Mon, 02 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/B-XSSRF/index.html https://cyber-security.us.to/web-security/B-XSSRF/index.html This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. Sun, 01 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/HTTP-Request-Smuggler/index.html https://cyber-security.us.to/web-security/HTTP-Request-Smuggler/index.html Command and Control for Csharp Writing. Sun, 01 Sep 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Telegram-Csharp-C2/index.html https://cyber-security.us.to/exploitation-tools/Telegram-Csharp-C2/index.html GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. Sun, 25 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/GhostTunnel/index.html https://cyber-security.us.to/exploitation-tools/GhostTunnel/index.html AIL framework - Framework for Analysis of Information Leaks Fri, 23 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/reconnaissance-tools/AIL-Framewok/index.html https://cyber-security.us.to/reconnaissance-tools/AIL-Framewok/index.html A DNS-over-HTTPS Command & Control Proof of Concept Thu, 22 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/goDoH/index.html https://cyber-security.us.to/exploitation-tools/goDoH/index.html Undetectable Windows Payload Generation with extras Running on Python2.7 Wed, 21 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Winpayloads/index.html https://cyber-security.us.to/exploitation-tools/Winpayloads/index.html 0xsp Mongoose Linux / Windows Privilege Escalation intelligent Enumeration Toolkit. Wed, 21 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/0xsp-Mongoose/index.html https://cyber-security.us.to/exploitation-tools/0xsp-Mongoose/index.html AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. Sat, 17 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/AutoRDPwn/index.html https://cyber-security.us.to/exploitation-tools/AutoRDPwn/index.html Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU. Fri, 16 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/PyREBox/index.html https://cyber-security.us.to/reverse-engineering/PyREBox/index.html StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. Mon, 12 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/phone/StaCoAn/index.html https://cyber-security.us.to/phone/StaCoAn/index.html o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information. Sun, 11 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/o365-attack-toolkit/index.html https://cyber-security.us.to/exploitation-tools/o365-attack-toolkit/index.html Linux enumeration tools for pentesting and CTFs. Thu, 01 Aug 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Linux-Smart-Enumeration/index.html https://cyber-security.us.to/exploitation-tools/Linux-Smart-Enumeration/index.html Undetectable Windows Payload Generation with extras Running on Python2.7 Sun, 21 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/network/PA-Toolkit/index.html https://cyber-security.us.to/network/PA-Toolkit/index.html Fully automated offensive security framework for reconnaissance and vulnerability scanning Fri, 19 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/Osmedeus/index.html https://cyber-security.us.to/web-security/Osmedeus/index.html A powerful target reconnaissance framework powered by graph theory. Wed, 17 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/reconnaissance-tools/Pown-Recon/index.html https://cyber-security.us.to/reconnaissance-tools/Pown-Recon/index.html Kernel-Mode Rootkit Hunter Sun, 14 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Tyton/index.html https://cyber-security.us.to/exploitation-tools/Tyton/index.html WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack. Sat, 13 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/network/WiFi-Pumpkin/index.html https://cyber-security.us.to/network/WiFi-Pumpkin/index.html Undetectable Windows Payload Generation with extras Running on Python2.7 Thu, 11 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/network/VoIPShark/index.html https://cyber-security.us.to/network/VoIPShark/index.html Network & Web Pentest Automation Framework Sat, 06 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/web-security/jok3r/index.html https://cyber-security.us.to/web-security/jok3r/index.html A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission Thu, 04 Jul 2019 00:00:00 +0100 https://cyber-security.us.to/reverse-engineering/GHIDRA/index.html https://cyber-security.us.to/reverse-engineering/GHIDRA/index.html Modlishka is a powerful and flexible HTTP reverse proxy. Tue, 25 Jun 2019 00:00:00 +0100 https://cyber-security.us.to/pentesting/Modlishka/index.html https://cyber-security.us.to/pentesting/Modlishka/index.html An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR Sat, 22 Jun 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/SILENTTRINITY/index.html https://cyber-security.us.to/exploitation-tools/SILENTTRINITY/index.html Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. Sat, 22 Jun 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Koadic/index.html https://cyber-security.us.to/exploitation-tools/Koadic/index.html Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. Wed, 19 Jun 2019 00:00:00 +0100 https://cyber-security.us.to/reconnaissance-tools/Redelk/index.html https://cyber-security.us.to/reconnaissance-tools/Redelk/index.html Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler. Fri, 14 Jun 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/Kage/index.html https://cyber-security.us.to/exploitation-tools/Kage/index.html Compromising online accounts by cracking voicemail systems Sun, 12 May 2019 00:00:00 +0100 https://cyber-security.us.to/phone/VoiceMailAutomator/index.html https://cyber-security.us.to/phone/VoiceMailAutomator/index.html BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Wed, 24 Apr 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/BloodHound/index.html https://cyber-security.us.to/exploitation-tools/BloodHound/index.html Securely and anonymously send and receive files. Mon, 22 Apr 2019 00:00:00 +0100 https://cyber-security.us.to/security/Onionshare/index.html https://cyber-security.us.to/security/Onionshare/index.html Obfuscate powershell scripts by replacing Function names, Variables and Parameters. Thu, 11 Apr 2019 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/PyFuscation/index.html https://cyber-security.us.to/exploitation-tools/PyFuscation/index.html Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET Thu, 07 Mar 2019 00:00:00 +0000 https://cyber-security.us.to/exploitation-tools/Covenant/index.html https://cyber-security.us.to/exploitation-tools/Covenant/index.html Code source iBoot IOS 9.3 Leaked . Tue, 12 Feb 2019 00:00:00 +0000 https://cyber-security.us.to/phone/iBoot/index.html https://cyber-security.us.to/phone/iBoot/index.html A curated list of awesome malware analysis tools and resources. Sat, 15 Dec 2018 00:00:00 +0000 https://cyber-security.us.to/security/Malware-Analysis-Tools-List/index.html https://cyber-security.us.to/security/Malware-Analysis-Tools-List/index.html People tracker on the Internet: Learn to track the world, to avoid being traced. Tue, 27 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/pentesting/Trape/index.html https://cyber-security.us.to/pentesting/Trape/index.html OpenC2 Command Generator is a web based self service application that runs completely in a Chrome Browser. Thu, 22 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/exploitation-tools/Openc2/index.html https://cyber-security.us.to/exploitation-tools/Openc2/index.html A web front-end for password cracking and analytics http://www.hashview.io Thu, 15 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/pentesting/Hashview/index.html https://cyber-security.us.to/pentesting/Hashview/index.html The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. Wed, 14 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/pentesting/Infection-Monkey/index.html https://cyber-security.us.to/pentesting/Infection-Monkey/index.html Inflator is a Reaver Command Generator. Tue, 13 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/network/Inflator/index.html https://cyber-security.us.to/network/Inflator/index.html FeedingBottle is a Aircrack-ng GUI. Tue, 13 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/network/FeedingBottle/index.html https://cyber-security.us.to/network/FeedingBottle/index.html Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. Mon, 12 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/security/Dnscrypt-Proxy-Gui/index.html https://cyber-security.us.to/security/Dnscrypt-Proxy-Gui/index.html Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. Sun, 11 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/web-security/CMSScan/index.html https://cyber-security.us.to/web-security/CMSScan/index.html Anonymous metadata-resistant instant messaging that just works. Sun, 11 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/security/Ricochet/index.html https://cyber-security.us.to/security/Ricochet/index.html Fahad Alharbi baby pwn 2018 CTF. Wed, 07 Nov 2018 00:00:00 +0000 https://cyber-security.us.to/exploit/babypwn2018/index.html https://cyber-security.us.to/exploit/babypwn2018/index.html A collection of android security related resources. Mon, 22 Oct 2018 00:00:00 +0100 https://cyber-security.us.to/phone/Android-Security-List/index.html https://cyber-security.us.to/phone/Android-Security-List/index.html Automate getting Domain Admin using Empire Thu, 11 Oct 2018 00:00:00 +0100 https://cyber-security.us.to/exploitation-tools/DeathStar/index.html https://cyber-security.us.to/exploitation-tools/DeathStar/index.html A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request. Sat, 02 Dec 2017 00:00:00 +0000 https://cyber-security.us.to/pentesting/Red-Teaming-Toolkit/index.html https://cyber-security.us.to/pentesting/Red-Teaming-Toolkit/index.html Cutter is a Qt and C++ GUI for radare2. Cutter is created by reverse engineers for reverse engineers. Thu, 16 Nov 2017 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/Cutter/index.html https://cyber-security.us.to/reverse-engineering/Cutter/index.html Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity. Thu, 16 Nov 2017 00:00:00 +0000 https://cyber-security.us.to/pentesting/Active-Directory-Kill-Chain-Attack-and-Defense/index.html https://cyber-security.us.to/pentesting/Active-Directory-Kill-Chain-Attack-and-Defense/index.html deniable Cracking HawkEye Keylogger Reborn. Fri, 16 Dec 2016 00:00:00 +0000 https://cyber-security.us.to/reverse-engineering/Cracking-HawkEye-Keylogger-Reborn/index.html https://cyber-security.us.to/reverse-engineering/Cracking-HawkEye-Keylogger-Reborn/index.html